SGHRP: Secure Greedy Highway Routing Protocol with authentication and increased privacy in vehicular ad hoc networks

VANETs are networks of connected intelligent vehicles that can communicate with each other, as well as with infrastructure and fixed roadside equipment. As a result of the lack of fixed infrastructure and open-access environment, security is crucial when sending packets. Secure routing protocols have been proposed for VANETs, but most are focused on authenticating nodes and creating a secure route, without considering confidentiality after the route is created. Using a chain of source keys validated by a one-way function, we have proposed a secure routing protocol called Secure Greedy Highway Routing Protocol (GHRP), which provides increased confidentiality over other protocols. As part of the proposed protocol, the source, destination, and intermediate nodes are authenticated using a hashing chain in the first stage, and in the second stage, one-way hashing has been used to increase data security. In order to resist routing attacks such as black hole attacks, the proposed protocol is based on the GHRP routing protocol. The proposed protocol is simulated using the NS2 simulator, and its performance is compared with that of the SAODV protocol. Based on the simulation results, the proposed protocol performs better than the mentioned protocol in terms of packet delivery rate, overhead, and average end-to-end delay.


Introduction
Vehicular ad hoc network (VANET) is a wireless network in which the vehicles equipped with wireless interface can communicate with each other or fixed roadside equipment (Fig 1) [1][2][3].
Vehicular Ad hoc Networks research is not comprehensive, there are still challenges that remain unresolved, and more research is needed in this area. In communication environments, most routing protocols focus on the urban environment and less on the highway environment, for example. A number of other challenges should also be considered, including highly dynamic topologies and high mobility, continuous network interruptions, movement route prediction and modeling, diverse communication environments, fault tolerance, distribution networks, security and confidentiality [1,[4][5][6][7][8][9][10][11][12][13][14][15]. Route discovery and maintenance are particularly important in Vehicular Ad hoc Networks because of their unstable nature. Data a1111111111 a1111111111 a1111111111 a1111111111 a1111111111 packets are routed from their source to their destination in order to ensure reliability. Another goal of routing is to minimize delays [3,16].
Security is an essential component for performing simple network tasks such as routing and packet forwarding. As all nodes in vehicular ad hoc networks perform this task, security problems are inherent because nodes cannot be trusted to perform their main and vital tasks properly. When there is an initial trust relationship between the nodes of a network, an authentication entity can ensure the proper functioning of critical network functions. There are, however, some special scenarios, such as military and cooperative networks, in which a common trusted center manages the network and impenetrable hardware is required. Authentication in large networks, however, requires key management. Managed environments are those where a common trusted center manages keys [17][18][19][20][21][22][23][24][25]. A network node that does not have impenetrable hardware and authentication infrastructure, such as in gaming environments without a trusted center to control the network, can compromise the credibility of the network. Besides the correct implementation of the network tasks, each node must also take on a share of these tasks and perform them correctly [17]. Various routing protocols have been proposed for secure routing in vehicular ad hoc networks, including SAODV, Ariadne, ARAN, SEAD, and ECDSA [26]. Most of these existing methods aim to establish security in routing, authentication of nodes from source to destination, but each protocol only focuses on a specific security service. Additionally, each of these protocols unintentionally increases routing overhead in the network and is vulnerable to routing attacks such as black holes. In terms of packet delivery rate, average end-to-end delay, and routing overhead, the proposed protocol outperforms the compared SAODV protocol. The next parts of the paper are organized in the following way: black hole attack in section 2, related work in section 3, GHRP protocol in section 4, proposed protocol in section 5, comparison of the proposed protocol simulation with other SAODV and GHRP protocols in section 6, and finally conclusions, challenges, and future work are discussed in section 7.

Black hole attack
VANETs are extremely vulnerable to security attacks due to their high dynamism, open access medium, distributed infrastructure, and protocol design problems. Security attacks such as denial-of-service (DoS), Sybil attacks, wormhole attacks (WHA), impersonation attacks, and black hole attacks (BHA) have made them vulnerable. These attacks can compromise VANET applications and services. In a BHA, all network traffic is directed to a specific node, where it disappears like matter in a black hole. It is therefore called a black hole because of the nature of this particular node [7,12,[27][28][29][30][31][32][33][34]. When a malicious node receives an RREQ packet from a source node, it quickly responds with a fake RREP without checking its routing table. Upon receiving the fake RREP packet, the source node deceptively considers it as an optimal route and forwards data packets towards the black hole. A BHA drops data packets instead of forwarding them, resulting in a decrease in overall network security and performance, as well as disrupting the sharing of network information. Emergency notifications and warning changes may be contained in these packets, which must be delivered quickly and within a specific timeframe. In highly dynamic vehicular ad hoc networks, dropping such packets can result in road accidents, traffic jams, and road casualties [35,36]. Since BHA is one of the most serious attacks in VANETs, our aim in this study is to present a new and efficient secure routing protocol by authenticating nodes using a hash chain in the route creation phase and using one-way hash functions to increase data security after route creation to counter the BHA attack.

Related work
In VANETs, routing protocols lacking encryption mechanisms make them vulnerable to routing attacks; however, safety protocols have been designed based on these protocols. The purpose of this section is to provide a brief introduction to some of these protocols.

SAODV routing protocol
SAODV is an extension of the AODV protocol for routing discovery and for providing security features such as integrity, authentication, and non-denial of service [35,[37][38][39]. The SAODV protocol uses public key cryptography and AODV for routing. All intermediate nodes validate the routing packet in this protocol. As part of the SAODV protocol, two digital signature features are used to ensure that packets are not tampered with, and a hash chain is used to authenticate the route hop count.

ARAN routing protocol
ARAN's routing protocol [40] is based on AODV. On receiving a certification request from a CA, a third party called a certificate authority (CA) sends a signed certificate to the nodes. Secure route detection is authenticated using asymmetric encryption techniques, and the route is cleared using timestamp [26,41]

SEAD routing protocol
The SEAD routing protocol [42] is based on the DSDV protocol. To validate random numbers and hop count in the routing table, this protocol uses one-way hashing functions. The protocol also uses symmetric encryption with a shared key between the source and destination [26].

Ariadne routing protocol
YihChun et al. proposed the Ariadne routing protocol in 2005. This protocol validates packets and nodes using three methods: shared keys between two pairs of nodes, TESLA-based shared keys between end nodes, and digital signatures [26,41].

ECDSA routing protocol
The ECDSA [43] protocol uses a digital signature. Additionally, ECDSA uses hashes and related symmetric key operations to ensure the authenticity and protection of digital signatures. As soon as both sender and receiver agree on the parameters for the elliptical curve domain, it can be initiated [26,41].

GHRP routing protocol
The GHRP protocol was introduced by Edris et al. in 2022 [3]. Data transfer protocol Greedy Highway Routing Protocol is designed to distribute information on highways with two-way traffic in the opposite direction (Fig 2). This protocol uses fixed and mobile RSUs to disseminate information. By identifying accident-prone points and installing fixed RSUs in those places, the number of fixed RSUs is minimized to minimize the cost problem, and by using mobile RSUs, which are intercity public transportation vehicles, the entire route can be covered so the total information can be obtained. Reduce the end-to-end delay by aggregating the path (increasing packet delivery rate). An IEEE 802.11p interface and a 4G interface are provided by the On-Board Unit (OBU) of every car that is used as a mobile RSU. For communication with conventional vehicles, IEEE 802.11p is used, and for communication with RSUs (fixed and mobile), 4G is used. As a rule of thumb, 20% of the total number of nodes are considered RSUs. GPS-enabled vehicles are assumed to be aware of their location using the GHRP protocol, and a digital map with road traffic conditions is installed in each vehicle.
The GHRP routing protocol selects the shortest route between source and destination to reduce delay. By estimating the number of steps between the source and the destination, the shortest possible route between the source and the destination is selected. The steps necessary to reach the nearest fixed or moving RSU are calculated as follows: A. If d 0 � R then we have (Eqs 1 and 2): d 0 is the average distance between ordinary vehicles from the source to the first RSU, R is the coverage radius of each vehicle, C j is the number of steps to reach the nearest fixed or moving RSU, T is the time it takes to reach the nearest fixed or moving RSU, L j is the length of the jth road section, N 0 j 2 k is the number of RSUs in the L j section, and t d is the time it takes for two vehicles to send packets. B. If d'>R, then we have (Eq 3 and 4): M 0 j 2 k is the number of ordinary vehicles between the source and the first RSU, V i is the speed of vehicle i, and d ij is the distance between two vehicles i and j. In the case that D 1 = D 2 (the distance from the source vehicle to the fixed RSU behind it is called D 1 and the distance from the source vehicle to the fixed RSU in front is called D 2 ), because the number of steps will be equal, a route with the longest lifetime will be chosen among the available routes. In order to calculate the lifetime, we follow these steps: A. Both vehicles should be in the same direction, and the speed of the front vehicle should be more. The following equation (Eq 5) calculates the route's lifetime: B. Both vehicles should be in the same direction, and the speed of the front vehicle must be less. Eq 6 calculates the lifetime of the route in this case: C. The vehicles move in the opposite direction. According to Eq 7, the route's lifetime is calculated as follows: In this equation, R is the radius of each vehicle, d ij is the distance between vehicle i and vehicle j, V i is the speed of vehicle i, and Vj is the speed of vehicle j.

Proposed protocol
There are some security issues with the GHRP protocol that result in it being vulnerable to attacks like denial of service (DoS), Sybil attacks, wormhole attacks (WHAs), impersonation attacks and black hole attacks (BHAs). We propose a new secure routing protocol named SGHRP (Secure Greedy Highway Routing Protocol) to authenticate nodes using hash chains and use one-way hash functions to increase data security after routes are created.
One-way hashes are mathematical functions that convert variable-length input strings into fixed-length binary sequences. Moreover, a one-way hash function is designed in such a way that it is difficult to reverse the process, namely to find a string that hashes to a given value. As shown in Table 1, the proposed protocol requires the following parameters.
A hash chain is used in the SGHRP protocol to validate the hop count of routing packets (route request packets and route response packets) by intermediate, source, and destination nodes. This method prevents interference attacks by middle nodes.
A hash chain is formed by applying the one-way hash function to the random number generated by the source. As a first step, the source node generates the random number N s and sets it as the initial value of the hashing chain (Eq 8).
Afterward, it sets the maximum hop count equal to the packet's lifetime (Eq 9): By using the TTL of the time of applying the hashing function, it calculates the maximum amount of hashing (Eq 10): Routing packets are authenticated by intermediate nodes based on the maximum hop count in the packet and the maximum hash value (Eq 11):

Max Hash ¼ h TTLÀ Hop Count ðHashÞ ð11Þ
The routing packet contains a packet containing the time information related to increasing privacy. Each intermediate node receives the routing packet and calculates the new hash chain value and MAC value of the packet and replaces them with their previous value. By using their shared keys with the source node, intermediate nodes calculate the MAC. As soon as these intermediate nodes receive the route response, they insert the key into the packet so that the source node can authenticate them.
A VANET network with n nodes is shown in Fig 3. Communication between nodes within radio range of each other can be accomplished in a one-hop, but communication between nodes outside of radio range is accomplished through intermediate nodes. It is assumed that node S intends to create a route to node D. Below are described the steps of the protocol, including route request, route response, route error, and privacy enhancement.

Rout discovery packet phase in SGHRP protocol
The protocol assumes that the nodes have a shared key. According to Fig 3, the source node intends to create a route between itself and the destination. This is accomplished by creating a routing packet with the following format (Eq 12).
The initial value of the hashing chain in this package is h 0 , which can be determined by Eq 13: P packets are placed in routing packets to change encryption keys and increase data confidentiality, which contain time information and the key for the first time period. The packet is encrypted with the shared key of the source and destination nodes to prevent intermediate nodes from accessing it. By applying the hash function to the initial value of the hash chain, Max_Hash is calculated. The source node calculates this and places it inside the routing packet. The Hop_Count value is authenticated by intermediate nodes using this value. The source node sends the routing packet to the nodes within its radio radius (Eq 14): The value of the hash chain is first processed by each intermediate node that receives this packet. After that, they calculate the new value of the hash chain. Also, the MAC value is calculated using the shared keys between itself and the source and placed inside the routing packet. In Fig 3, node N 1 receives the routing packet, so this node first authenticates the hash chain (Eq 15): If the validation is correct, it calculates the following values and sends the routing packet to the neighboring nodes (Eqs 16, 17 and 18):

PLOS ONE
Until the route request packet reaches its destination, this process continues. In the end, the following packet reaches the destination node (Eq 23):

Route response phase in SGHRP protocol
In this phase, the destination node authenticates the hop count using the hash chain, and if it is correct, it extracts the [P] K_SD packet and decodes it to obtain the information about increasing confidentiality. Next, it constructs the route response packet as Eq 24 and sends it to the source node along the same route as the route request packet: H D is equal to the MAC calculated by the destination node based on the shared key between itself and the source node (Eq 25): The intermediate nodes, after receiving the route response packet, put the shared keys with the source node with which they calculated the MACs into the route response packet. route response packets reach the source node based on the following relationships (Eqs 26, 27 and 28).
Upon receiving the route response packet, the source node processes the MAC value created by the destination node (H D ) using the shared key between it and the destination node, then extracts the shared keys with intermediate nodes from the route response packet and H i (authenticates MAC values generated by intermediate nodes). The source and destination nodes are connected if the route response packet information is correct.

Route maintenance phase in SGHRP protocol
The created route will be broken if the nodes move and leave each other's radio range. The intermediate nodes are responsible for notifying the source node of this matter so that it can repair or reroute the route. Route error packets must also be authenticated to the source node in order to prevent tampering. In Fig 4, node N8 is assumed to have moved out of the radio range of node N3. N3 creates the route error packet as follows and sends it to the source node through the route (Eq 29): In this packet, the MAC value is for validating the sender of the error packet, which is calculated by the shared key between the source and the sender of the error packet, and to prevent sending fake error packets, the sender node is authenticated for the source and intermediate nodes and it is stored inside the package.

SGHRP protocol confidentiality enhancement phase
After a route is created, most routing protocols do not pay attention to data confidentiality. By using a chain of source keys validated by a one-way function, the introduced protocol has provided increased confidentiality. A one-way function is used to validate the keys in this section, and then these keys are used to increase data confidentiality. To ensure that a receiver cannot forge the sender's packets if it is attacked, an asymmetric mechanism should be used to verify  the transmission of packets. However, this mechanism requires high overhead and requires high operational processing. For this purpose, the function One-way has been used, which by validating the symmetric keys somehow accesses the features of the asymmetric mechanism while improving data confidentiality as well. According to Fig 5, the K 1 key is used to encrypt the P 1 and P 2 packets that arrived in the first time interval. First, the key K 1 is validated by the one-way function (K 0 = F(K 1 )), and if it is correct, the packets are decrypted. In order to decode packets related to the next interval, first the key related to that interval is validated by the one-way function in K i = F j-i (K j ), and then the packets are decoded by j>i [26]. The network member nodes hold the primary key K 0 here. K i (i>0) keys cannot be obtained using one-way hashing. K i is the only way to validate them. As a result, instead of revealing the key with each package, we have done it independently.
When routing is being performed, the packet P, which is encrypted with the shared key between the source and destination, is sent to the receiving node along with the route request packet (Eq 30): Since all nodes have the key K 0 of the source, the destination validates the key k i by applying the one-way function (Eq 31):

PLOS ONE
In this case, the authentication key is used to decrypt packets received in time interval i. In this time interval, packets are sent using Eq 32.
Due to the fact that the nodes are almost simultaneous, once the time period i has passed, the key for this period becomes invalid. At this time, the source node sends the key of the next period to the destination (Eq 33).
To decrypt packets of period i+1, the destination node validates the key of period i+1 using the one-way function. The process will continue for the next period of time. The key can be sent in different time periods as shown in Fig 6. ½T NOW ; K iþ1 ; T iþ1 ; T int � K SD

Result and discussion
An example of a common attack in vehicular ad hoc networks routing called black hole is simulated here in order to test the protocol's resistance against routing attacks. NS2 simulator software was used to simulate the proposed protocol and compare its performance parameters with those of other protocols. An average of 20 simulations is used to calculate all simulation results. The simulation parameters are shown in Table 2.

Performance parameters
Four parameters were evaluated to evaluate the efficiency of the proposed protocol and compare it with other algorithms: packet delivery rate, overhead, average end-to-end delay, and number of lost packets. Using these parameters, all four proposed protocols, SAODV, nonaggressive GHRP, and Blackhole GHRP (BGHRP), are compared. Packet delivery rate informs the user about the protocol's success rate when it comes to delivering data packets and routing at the application layer. When PDR is higher, the protocol has been more efficient in delivering packets. Fig 7 shows the effect of the attacking node and the mobility of the nodes on the packet delivery rate parameter.
In Fig 7, the PDR value for the proposed protocol is compared with the GHRP, BGHRP, and SAODV protocols over time. The graph shows that the PDR value for the proposed protocol in smaller times is close to the PDR value for SAODV protocols. As we get closer to the end of the simulation, this parameter appears more frequently in the proposed protocol and its value is higher than the SAODV protocol for times longer than 40 seconds. The key freshness does not seem to affect packet delivery rates much in less recent times, since the packets are encrypted with the primary key in the proposed protocol, and it is like using only one session key. Nevertheless, after the first period has passed, the session key between the source and destination nodes is changed, and packets sent and received are encrypted using the new key, reducing the likelihood of the key being leaked and increasing the number of packets received by the destination node.

Normalized routing load.
A normalized routing load (NRL) is the ratio of routing packets sent by a source to routing packets received by a destination and can be calculated using Eq 35.

NRL ¼
The number of routing packets sent by the source The number of data packets received by the destination ð35Þ A higher value of NRL results in a lower efficiency and effectiveness of the protocol. The routing overhead in the SGHRP protocol is higher than in the GHRP protocol because parts of the packets have been added to increase confidentiality. compares the normalized routing overhead between the proposed protocol and other protocols over time. According to the graph (Fig 8), the proposed protocol has a lower routing load than BGHRP and SAODV. 6.1.3. Average end to end delay. The average end-to-end delay is the average delay between two end nodes during packet transmission. Eq 36 is used to calculate this parameter:  As soon as an attacker (black hole node) enters the route, routing is disrupted and packets are delayed in reaching their destinations. Because the black hole node drops routing packets, or the attacker eavesdrops on the packets and sends them to the destination, causing the PLOS ONE packets to be delayed or not reach the destination, increasing the AED parameter. However, when the proposed protocols are used, according to the authentication, the routes that are created cannot be exploited. As a result, routing packets are not interrupted. Due to the presence of an attacker on short routes, the protocol may also have to use longer routes, which is why the packet arrival delay is higher than in GHRP.

Number of dropped packets.
During the simulation period, this parameter indicates the total number of packets that were lost and did not reach the destination. The number of dropped packets (NDP) can be calculated by using Eq 37: NDP ¼ The number of packets sent À The number of packets delivered ð37Þ The presence of malicious nodes in the network increases the value of NDP and lowers the performance of the network. Fig 10 illustrates the effect of the attacking node on the number of lost packets as time increases. Fig 10 shows the number of packet losses for different protocols at different times. The GHRP protocol has the best situation among the protocols. Although the proposed protocol has more losses than the GHRP protocol, they are relatively better than the BGHRP and SAODV protocols. The graph shows that packet loss has decreased over time, which is due to network stabilization.

Conclusion
The SGHRP protocol was proposed in this paper to authenticate the nodes, achieve high confidentiality, and reduce routing overhead and end-to-end delay. The proposed protocol has been implemented using NS2 software. When an attacker (black hole node) is present in the route, the routing is interrupted, causing packets to be delayed in reaching their destinations. As long as the proposed protocols are used according to authentication, the routes that are created will not be attacked, so the routing will not be interrupted and the end-to-end delay will be reduced. To achieve low routing overhead, hashing functions were used in the first stage to achieve security goals, and one-way hashing functions were used in the second stage to validate time interval keys. As we approach the end of the simulation, this parameter becomes apparent and increases in the proposed protocol. At low times, the PDR value for the proposed protocol is similar to the PDR values in SAODV and BGHRP. Additionally, package losses were compared. Although the proposed protocol has a higher loss than the GHRP protocol, it has a relatively better condition than SAODV and BGHRP. The black hole attack was tested as an example of routing attacks in the protocol evaluation section. Multiple nodes interacting in routing lead to other attacks, such as wormholes, in VANET networks. Protocols can be examined in terms of their resistance to such attacks.